0

I was looking for ways to make Wi-Fi that uses WPA2-Personal/WPA-PSK secure, and I stumbled upon this answer (the second one, from Terrence Koeman):

WPA2-PSK (aka WPA2 Personal) basically does the same thing as WPA2-Enterprise from the client's perspective: The client associates to the access point, authenticates to the access point using the pre-shared key, and the access point creates a 256-bit PMK (pairwise master key) from the SSID and the pre-shared key (PSK). This PMK is then used to encrypt data traffic using CCMP/AES or TKIP.

[...]

There are ways to make WPA2-PSK somewhat more secure, in that it would take months to crack it instead of minutes (pre-computed rainbow tables) or hours (dictionary attack): Set your SSID to a random string of the maximum length (64 I think), since it's used as the seed for the PMK, and use a random pre-shared key (PSK) of the maximum length. If you then change the key monthly you can be reasonably sure that nobody has a current PMK or had/has access to your network.

Now, given that the PMK is created using the SSID as a seed and the pre-shared key (which is, correct me if I am wrong, the Wi-Fi password), if I use a strong, random password, is using a random string as SSID really necessary to make it secure? Isn't a strong password enough?

re.sole

1 Answer

2

Using a strong password is enough. If you use a pseudorandom password of 19 characters, that will give you a key with about 113 bits of entropy. NIST requires symmetric keys of at least 112 bits, so you should be fine with a 19-character pseudorandom alphanumeric password, even if the password is being cracked on a supercomputer.

In fact, normally, your WiFi AP broadcasts its SSID, so it is already known to the attacker. Therefore it adds no entropy to your PMK (it is included only as a salt) and there is no point in keeping a long random SSID.

nobody
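The point made in the answer above, as an added example that is not part of the original thread: WPA2-Personal derives the PMK with PBKDF2-HMAC-SHA1 over the passphrase, using the SSID as salt (4096 iterations, 32-byte output), so the SSID changes the resulting key but the entropy comes from the passphrase alone. The function names and the SSIDs `HomeNet-A` and `HomeNet-B` are constructed for illustration.

```python
import hashlib
import math
import secrets
import string

ALPHANUMERIC = string.ascii_letters + string.digits  # 62 symbols


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal PMK: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 256 bits."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def passphrase_entropy_bits(length: int, alphabet_size: int = len(ALPHANUMERIC)) -> float:
    """Entropy of a uniformly random passphrase: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def min_length_for(bits: float, alphabet_size: int = len(ALPHANUMERIC)) -> int:
    """Shortest random passphrase that reaches the requested entropy."""
    return math.ceil(bits / math.log2(alphabet_size))


def generate_passphrase(length: int = 19) -> str:
    """Draw each character from the OS CSPRNG, not from random.choice()."""
    return "".join(secrets.choice(ALPHANUMERIC) for _ in range(length))


if __name__ == "__main__":
    psk = generate_passphrase()
    # Same passphrase, two constructed SSIDs: the salt changes the PMK, which is
    # what makes tables precomputed for another SSID useless.
    pmk_a = derive_pmk(psk, "HomeNet-A")
    pmk_b = derive_pmk(psk, "HomeNet-B")
    print("PMK under HomeNet-A:", pmk_a.hex())
    print("PMK under HomeNet-B:", pmk_b.hex())
    print("PMKs differ:", pmk_a != pmk_b)
    # The SSID is broadcast, so it contributes nothing secret; the search space
    # an attacker faces is set by the passphrase alone.
    print("Entropy of 19 random alphanumerics: %.1f bits" % passphrase_entropy_bits(19))
    print("Minimum length for 112 bits:", min_length_for(112))
```
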